$ timeahead.in
/ servers/pypi/mcpo
pypi

mcpo

A simple, secure MCP-to-OpenAPI proxy server

4k stars36k/wkupdated 49d agogithub ↗
92excellent
▣ Overview

What it does

mcpo is an HTTP-to-MCP proxy that converts any MCP server into an OpenAPI-compatible endpoint. It sits between stdio-based MCP servers (or remote SSE/Streamable HTTP variants) and HTTP clients, translating MCP protocol into standard RESTful calls. Each tool is automatically exposed with interactive OpenAPI documentation, removing the friction of stdio's inherent limitations: no built-in auth, no standard error handling, and incompatibility with OpenAPI-expecting frameworks.

Who it's for

Backend engineers integrating MCP tools into HTTP systems, Open WebUI administrators exposing MCP capabilities to their platform, and teams building LLM agent frameworks that expect OpenAPI-compatible tool interfaces. Anyone needing to bridge MCP's stdio world with HTTP-first tooling without custom glue code.

Common use cases

  • Expose a local MCP server (e.g., mcp-server-time) as an OpenAPI HTTP endpoint for direct consumption by HTTP clients.
  • Integrate multiple MCP servers into Open WebUI via a single proxy using mcpo's config file support.
  • Serve MCP tools behind a reverse proxy by configuring --root-path for subpath routing.
  • Gate MCP access with API key authentication without modifying the underlying MCP server.
  • Connect remote MCP servers over SSE or Streamable HTTP without changing their implementation.

Setup pitfalls

  • API key is required: The --api-key flag is mandatory; requests without a valid key are rejected. Omitting it results in an open, unauthenticated endpoint.
  • MCP server must be running: The underlying MCP command or HTTP endpoint must be live before mcpo starts; a stale or invalid endpoint causes startup failure.
  • Port conflicts: Multiple mcpo instances require separate --port values. Default is 8000; verify no other service is bound.
  • OAuth requires persistent storage: If using OAuth, the token storage directory must be writable and survive container/process restarts when using --storage-type file.
  • Network exposure: mcpo opens a plaintext HTTP endpoint. In production, always run behind a TLS-terminating reverse proxy and restrict network access via firewall.
▣ Score BreakdownMCPScore = Σ(raw × weight)
DimensionRawWeighted
Security
35%
100
35.0
Freshness
25%
100
25.0
Adoption
20%
91
18.2
Quality
10%
90
9.0
Trust
10%
50
5.0
Total
92.2
⚿ Capabilities & Risk Explainer
fs readfs writenetworksecrets
◆ Risk level: medium
fs read + fs write + network + secrets — requires access to credentials or environment secrets.
⚙ Install config
Claude Desktop · Cursor · Windsurf · VS Code (Copilot) · Claude Code
add to your MCP client config:
{
  "mcpServers": {
    "mcpo-1": {
      "command": "uvx",
      "args": [
        "mcpo"
      ]
    }
  }
}
📈 Score historylast 44 snapshots
5/10/20267/5/2026 · 44 snapshots
⚙ Maintenance health
63/ 100 · is this project alive?
contributors (1y)11
top contributor share48%
releases (1y)4
last release128d ago
ci✓ passing
⛁ Raw data
weekly downloads36k
github stars4k
forks470
open issues47
license✓ present
readme length8624 chars
last publish0d ago
last commit49d ago
last updated19h ago
install verified✓ pass · 50d ago
owner of this server? claim your listing to get a verified badgeclaim →
🔔 Score drop alerts
get notified by email when this server's score drops 5+ points